package jumio.core;

import android.net.http.X509TrustManagerExtensions;
import android.os.Build;
import com.jumio.commons.log.Log;
import com.jumio.core.network.TrustManagerInterface;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes3.dex */
public final class a implements TrustManagerInterface {

    /* renamed from: a, reason: collision with root package name */
    public final X509TrustManager f11518a;

    /* renamed from: b, reason: collision with root package name */
    public String f11519b = "";

    /* renamed from: c, reason: collision with root package name */
    public final byte[][] f11520c;

    public a() {
        y1 y1Var = y1.f11717a;
        this.f11520c = new byte[][]{y1Var.a("fbe3018031f9586bcbf41727e417b7d1c45c2f47f93be372a17b96b50757d5a2"), y1Var.a("7f4296fc5b6a4e3b35d3c369623e364ab1af381d8fa7121533c9d6c633ea2461"), y1Var.a("36abc32656acfc645c61b71613c4bf21c787f5cabbee48348d58597803d7abc9"), y1Var.a("f7ecded5c66047d28ed6466b543c40e0743abe81d109254dcf845d4c2c7853c5"), y1Var.a("2b071c59a0a0ae76b0eadb2bad23bad4580b69c3601b630c2eaf0613afa83f92")};
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init((KeyStore) null);
        TrustManager trustManager = trustManagerFactory.getTrustManagers()[0];
        kotlin.jvm.internal.m.d(trustManager, "null cannot be cast to non-null type javax.net.ssl.X509TrustManager");
        this.f11518a = (X509TrustManager) trustManager;
    }

    public final void a(X509Certificate x509Certificate) throws CertificateException {
        try {
            try {
                x509Certificate.checkValidity();
            } catch (CertificateNotYetValidException e2) {
                Log.w("JumioTrustManager", "SSL Certificate is not yet valid", e2);
            }
        } catch (Exception e10) {
            throw new CertificateException("SSL Certificate match error", e10);
        }
    }

    public final void a(X509Certificate[] x509CertificateArr) throws CertificateException {
        boolean z10;
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(x509CertificateArr[x509CertificateArr.length - 1].getPublicKey().getEncoded());
        byte[][] bArr = this.f11520c;
        int length = bArr.length;
        int i10 = 0;
        while (true) {
            if (i10 >= length) {
                z10 = false;
                break;
            } else {
                if (Arrays.equals(digest, bArr[i10])) {
                    z10 = true;
                    break;
                }
                i10++;
            }
        }
        if (!z10) {
            throw new CertificateException("Certificate pinning failed");
        }
        X509Certificate x509Certificate = x509CertificateArr[0];
        a(x509Certificate);
        String name = x509Certificate.getSubjectDN().getName();
        kotlin.jvm.internal.m.e(name, "clientCertificate.subjectDN.name");
        StringBuilder sb2 = new StringBuilder();
        for (int i11 = 0; i11 < name.length(); i11++) {
            char charAt = name.charAt(i11);
            if (!kotlin.text.a.b(charAt)) {
                sb2.append(charAt);
            }
        }
        String sb3 = sb2.toString();
        kotlin.jvm.internal.m.e(sb3, "filterNotTo(StringBuilder(), predicate).toString()");
        if (!kotlin.text.v.m(sb3, "CN=" + getHostname(), true)) {
            throw new CertificateException("Certificate pinning failed");
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        kotlin.jvm.internal.m.f(chain, "chain");
        kotlin.jvm.internal.m.f(authType, "authType");
        this.f11518a.checkClientTrusted(chain, authType);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        kotlin.jvm.internal.m.f(chain, "chain");
        kotlin.jvm.internal.m.f(authType, "authType");
        if (chain.length < 2) {
            throw new CertificateException("SSL Certificate Chain is not sufficient");
        }
        if (Build.VERSION.SDK_INT >= 24) {
            new X509TrustManagerExtensions(this.f11518a).checkServerTrusted(chain, authType, getHostname());
        } else {
            this.f11518a.checkServerTrusted(chain, authType);
        }
        a(chain);
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        X509Certificate[] acceptedIssuers = this.f11518a.getAcceptedIssuers();
        kotlin.jvm.internal.m.e(acceptedIssuers, "defaultTrustManager.acceptedIssuers");
        return acceptedIssuers;
    }

    @Override // com.jumio.core.network.TrustManagerInterface
    public String getHostname() {
        return this.f11519b;
    }

    @Override // com.jumio.core.network.TrustManagerInterface
    public void setHostname(String str) {
        kotlin.jvm.internal.m.f(str, "<set-?>");
        this.f11519b = str;
    }
}
